
C# - RSACryptoServiceProvider Decrypt into a SecureString instead of byte array
<p>I have a method that currently returns a string converted from a byte array:</p>
<pre><code>public static readonly UnicodeEncoding ByteConverter = new UnicodeEncoding();

public static string Decrypt(string textToDecrypt, string privateKeyXml)
{
    if (string.IsNullOrEmpty(textToDecrypt))
    {
        throw new ArgumentException("Cannot decrypt null or blank string");
    }
    if (string.IsNullOrEmpty(privateKeyXml))
    {
        throw new ArgumentException("Invalid private key XML given");
    }

    byte[] bytesToDecrypt = Convert.FromBase64String(textToDecrypt);
    byte[] decryptedBytes;
    using (var rsa = new RSACryptoServiceProvider())
    {
        rsa.FromXmlString(privateKeyXml);
        decryptedBytes = rsa.Decrypt(bytesToDecrypt, FOAEP);
    }
    return ByteConverter.GetString(decryptedBytes);
}
</code></pre>
<p>I'm trying to update this method to instead return a <code>SecureString</code>, but I'm having trouble converting the return value of <code>RSACryptoServiceProvider.Decrypt</code> from <code>byte[]</code> to <code>SecureString</code>. I tried the following:</p>
<pre><code>var secStr = new SecureString();
foreach (byte b in decryptedBytes)
{
    char[] chars = ByteConverter.GetChars(new[] { b });
    if (chars.Length != 1)
    {
        throw new Exception("Could not convert a single byte into a single char");
    }
    secStr.AppendChar(chars[0]);
}
return secStr;
</code></pre>
<p>However, using <a href="http://social.msdn.microsoft.com/Forums/en-US/clr/thread/555a5cb6-790d-415d-b079-00d62b3a9632/" rel="nofollow noreferrer">this SecureString equality tester</a>, the resulting <code>SecureString</code> was not equal to the <code>SecureString</code> constructed from the original, unencrypted text. My Encrypt and Decrypt methods worked before, when I was just using <code>string</code> everywhere, and I've also tested the <code>SecureString</code> equality code, so I'm pretty sure the problem here is how I'm trying to convert <code>byte[]</code> into <code>SecureString</code>. Is there another route I should take for using RSA encryption that would allow me to get back a <code>SecureString</code> when I decrypt?</p>
<p><strong>Edit:</strong> I didn't want to convert the byte array to a regular string and then stuff that string into a <code>SecureString</code>, because that seems to defeat <a href="https://stackoverflow.com/questions/141203/when-would-i-need-a-securestring-in-net">the point of using a <code>SecureString</code></a> in the first place. However, is it also bad that <code>Decrypt</code> returns <code>byte[]</code> and I'm then trying to stuff that byte array into a <code>SecureString</code>? It's my guess that if <code>Decrypt</code> returns a <code>byte[]</code>, then that's a safe way to pass around sensitive information, so converting one secure representation of the data to another secure representation seems okay.</p>
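An added example, not part of the question or of any answer on this page, showing the conversion the question is after: decrypt the RSA/OAEP ciphertext to a <code>byte[]</code>, decode the whole buffer as UTF-16 (one code unit is two bytes, so decoding a single byte at a time as in the question's loop cannot reproduce the original characters), append the characters to a <code>SecureString</code>, and then wipe the transient <code>byte[]</code> and <code>char[]</code> copies. It assumes the plaintext was encoded with <code>UnicodeEncoding</code> (UTF-16LE) before encryption, as the question's <code>ByteConverter</code> does, and that it runs on .NET Framework / Windows where <code>RSACryptoServiceProvider</code> is available; the key pair and sample text in <code>Main</code> are constructed for the demo.

```csharp
using System;
using System.Security;
using System.Security.Cryptography;
using System.Text;

// Added example (not the asker's code): decrypt RSA/OAEP ciphertext straight into a
// SecureString without ever materialising a managed System.String for the plaintext.
public static class SecureDecryptExample
{
    public static SecureString DecryptToSecureString(string base64Ciphertext, string privateKeyXml)
    {
        if (string.IsNullOrEmpty(base64Ciphertext))
            throw new ArgumentException("Cannot decrypt null or blank string");
        if (string.IsNullOrEmpty(privateKeyXml))
            throw new ArgumentException("Invalid private key XML given");

        byte[] cipherBytes = Convert.FromBase64String(base64Ciphertext);
        byte[] plainBytes = null;
        char[] plainChars = null;
        try
        {
            using (var rsa = new RSACryptoServiceProvider())
            {
                rsa.FromXmlString(privateKeyXml);
                plainBytes = rsa.Decrypt(cipherBytes, fOAEP: true);
            }

            // Decode the whole buffer at once: UTF-16 code units are two bytes each,
            // so feeding single bytes to GetChars cannot yield the original characters.
            // bigEndian: false, byteOrderMark: false matches UnicodeEncoding's default.
            var encoding = new UnicodeEncoding(false, false);
            plainChars = new char[encoding.GetCharCount(plainBytes)];
            encoding.GetChars(plainBytes, 0, plainBytes.Length, plainChars, 0);

            var secure = new SecureString();
            foreach (char c in plainChars)
                secure.AppendChar(c);
            secure.MakeReadOnly();
            return secure;
        }
        finally
        {
            // Wipe the transient plaintext copies. This is best effort: the GC may
            // already have moved or copied these arrays during compaction.
            if (plainBytes != null) Array.Clear(plainBytes, 0, plainBytes.Length);
            if (plainChars != null) Array.Clear(plainChars, 0, plainChars.Length);
        }
    }

    // Round-trip demo with a freshly generated key pair and a constructed sample text.
    public static void Main()
    {
        using (var keyGen = new RSACryptoServiceProvider(2048))
        {
            string publicXml = keyGen.ToXmlString(false);
            string privateXml = keyGen.ToXmlString(true);

            byte[] plaintext = Encoding.Unicode.GetBytes("correct horse battery staple");
            string ciphertext;
            using (var pub = new RSACryptoServiceProvider())
            {
                pub.FromXmlString(publicXml);
                ciphertext = Convert.ToBase64String(pub.Encrypt(plaintext, fOAEP: true));
            }
            Array.Clear(plaintext, 0, plaintext.Length);

            using (SecureString secret = DecryptToSecureString(ciphertext, privateXml))
            {
                // Only the length is printed; the characters stay inside the SecureString.
                Console.WriteLine("Decrypted length (chars): " + secret.Length);
            }
        }
    }
}
```

The design point is where the plaintext lives: the decrypted <code>byte[]</code> and the decoded <code>char[]</code> are unavoidable intermediate copies, but they are short-lived and cleared in <code>finally</code>, whereas a <code>System.String</code> is immutable and cannot be wiped. The protection a <code>SecureString</code> adds beyond that is limited (it encrypts its buffer in process memory on Windows and lets you pin and clear it), so the value of this approach is in never creating the immutable string, not in any guarantee about the intermediates.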